VoIP Industry Newsletter: Topics in Disaster Recovery Planning for VoIP networks

Jul 2009

Regulatory Compliance
Andrew Isar, President of Miller Isar, Inc.

This is the first in a series of discussions regarding what is termed “interconnected Voice over Internet Protocol” (iVoIP) telephony regulatory compliance. Thank you to VoIP Logic for this opportunity to provide some useful information to help carriers and service providers meet their regulatory obligations when deploying VoIP services.

A common misconception that I want to correct upfront is that VoIP is not regulated; it is. While it is true that iVoIP is subject to “streamlined regulation,” and that US states have been largely preempted by Federal law from regulating iVoIP (although many states continue to test its limits), there are very specific, inescapable regulatory obligations that apply.

One of these key obligations – the first in our discussions - is compliance with the Federal Communications Commission’s (FCC) Customer Proprietary Network Information (CPNI) rules, 47 C.F.R. §64.2001 et seq. CPNI rules have applied to telecommunications carriers and service providers for some time though on April 2, 2007 the requirements were further extended to iVoIP providers through a Report and Order and Further Notice of Proposed Rulemaking. This Report and Order established several very specific salient CPNI requirements for iVoIP providers:

1. Providers may not release any customer related information without a customer-provided password – whether over the telephone or online;
2. Providers must notify customers immediately when a password changes and must provide a back-up method of customer authentication;
3. In the event of a CPNI breach, providers must notify customers and law enforcement agencies of a breach; and
4. Providers must file an annual, officer-signed compliance certification, including an explanation of any actions taken against data brokers and a summary of all consumer complaints received in the previous year regarding the unauthorized release of CPNI.

The FCC’s emphasis on CPNI protection has been heightened recently over increasing privacy concerns. Earlier this year, the FCC released Notices of Apparent Liability to more than 600 telecommunications and iVoIP providers for failure to file, or timely-file, the annual CPNI certification, and imposed resulting unprecedented penalties of $20,000 per violation. CPNI compliance is serious and demands provider attention. IVoIP providers should familiarize themselves with the rules and develop plans to ensure ongoing compliance.

Andrew Isar is President of Miller Isar, Inc.
www.millerisar.com
253.851.6700
aisar@millerisar.com

Founded in 1991, Miller Isar, Inc. concentrates on the telecommunications industry. Headquarted near Seattle, WA, with offices in Philadelphia, PA, Miller Isar focuses its practice on Regulatory Compliance, Public Policy, and Business Practices, as they relate to Regulatory obligations
  Next>>